CRM & mobile gateway: one API for two types of auth

I have a service with a lot of operations like:

/client_invoices/{client_id}

I have two types of apps for this API: CRM and mobile devices.

Both are going to use the same api.

For crm I imagine a simple appkey+secret security to call this api.

Mobile devices should additionally call a special operation to validate user credentials and start a session (cache the current client_id).

Crm system could know invoices for any client_id.

But mobile devices could call the operation only for the client_id from the session (cache).

----

The question:

What is the best practice from the Apigee point of view:

Should we create two different APIs, or is it possible to keep one and publish it for two different apps?

If we can keep one, then how do we organize it in the proxy definition?

@Dmitry Lukyanov

Are you implementing the OAuth 2.0 password grant flow for the mobile device?

Ideally you would want a single API to support different authentication/authorization mechanisms based on the type of client device.
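
The access rule described in this thread, as an added example that is not part of the original posts: one authorization decision serving both app types behind a single API, so a mobile caller cannot read another client's invoices by changing the client_id in the URL. It is plain JavaScript, not Apigee policy configuration; the function name and the `caller` fields (`authenticated`, `appType`, `sessionClientId`) are hypothetical and assumed to be filled in by earlier credential checks.

```javascript
// Added example (not from the thread): one authorization check for two app types.
// Assumption: `caller` is built by earlier, already-verified steps, i.e. the
// app key + secret check for CRM and the session lookup for mobile. Its shape
// and field names are hypothetical.

// Only /client_invoices/{client_id} with a conservative id alphabet is accepted.
const INVOICE_PATH = /^\/client_invoices\/([A-Za-z0-9_-]{1,64})$/;

function authorizeInvoiceRequest(path, caller) {
  const match = INVOICE_PATH.exec(path);
  if (!match) {
    return { allow: false, status: 404, reason: 'unknown resource' };
  }
  const requestedClientId = match[1];

  if (!caller || caller.authenticated !== true) {
    return { allow: false, status: 401, reason: 'caller not authenticated' };
  }

  switch (caller.appType) {
    case 'crm':
      // The CRM system may read invoices for any client_id.
      return { allow: true, status: 200, clientId: requestedClientId };

    case 'mobile':
      // The authoritative client_id is the one cached in the server-side
      // session; the value in the URL is only compared against it.
      if (typeof caller.sessionClientId !== 'string' || caller.sessionClientId === '') {
        return { allow: false, status: 401, reason: 'no active session' };
      }
      if (caller.sessionClientId !== requestedClientId) {
        return { allow: false, status: 403, reason: 'client_id does not match session' };
      }
      return { allow: true, status: 200, clientId: requestedClientId };

    default:
      // Fail closed for any app type that was not explicitly registered.
      return { allow: false, status: 403, reason: 'unsupported app type' };
  }
}

// Constructed sample callers for illustration.
const crmCaller = { authenticated: true, appType: 'crm' };
const mobileCaller = { authenticated: true, appType: 'mobile', sessionClientId: '1001' };

console.log(authorizeInvoiceRequest('/client_invoices/2002', crmCaller));
console.log(authorizeInvoiceRequest('/client_invoices/1001', mobileCaller));
console.log(authorizeInvoiceRequest('/client_invoices/2002', mobileCaller));
```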